I'm writing a small app that checks to see if a computer and current user are members of the appropriate security groups in Active Directory. I stumbled across this question LINK but it looks like it was forgotten and I'm running into the same issues as the OP. The end result is I want to be able to create an array that is very similar to running the following command from a command prompt.
gpresult /r
Here is a code sample that I have tried from the above link, I'm running into the same errors as the OP specifically "out of range" exception" when attempting to set LoggingUser and LoggingComputer. Since I can't get past these errors I'm not even sure if this method is the right route.
GPRsop rsop = new GPRsop(RsopMode.Logging, "root\\RSOP\\Computer");
rsop.LoggingComputer = "MyComputer";
rsop.LoggingUser = "domain\\user";
rsop.LoggingMode = LoggingMode.Computer;
rsop.CreateQueryResults();
rsop.GenerateReportToFile(ReportType.Xml, "C:\\Temp\\test.xml");
I found a roundabout way to accomplish what I needed by reading the registry keys located in "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History" for applied group policies, added them to an ArrayList then checked to see if the list contained the policy I'm interested in.
To make sure these keys are dynamically updated, I removed the machine in question from the GPO group, rebooted and the keys associated with that policy were removed.
ArrayList groupPolicies = new ArrayList();
using (RegistryKey historyKey = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History"))
{
foreach (string historySubkey in historyKey.GetSubKeyNames())
{
using (RegistryKey guidKey = historyKey.OpenSubKey(historySubkey))
{
foreach (string guidsubkey in guidKey.GetSubKeyNames())
{
using (RegistryKey keyvalue = guidKey.OpenSubKey(guidsubkey))
{
groupPolicies.Add(keyvalue.GetValue("DisplayName"));
//Console.WriteLine(keyvalue.GetValue("DisplayName"));
}
}
}
}
}
if (!groupPolicies.Contains("replacewithyourGPOname"))
{
Console.WriteLine("The machine is not a member of the policy");
}
Related
I try to get the Full Path of a File. ie. calc
Input: calc
Expected output: C:\WINDOWS\system32\calc.exe
I could find out how to do it with PowerShell:
(Get-Command calc).Source
Or with CommandLine:
where.exe calc
But unfortunately I can not get it done with C#.
The documentation for Get-Command says:
Get-Command * gets all types of commands, including all of the non-PowerShell files in the Path environment variable ($env:Path), which it lists in the Application command type.
So we will need to get the Path environment variable and iterate over the directories it lists, looking for files with extensions that indicate the file is a program, for example "*.com" and "*.exe".
The problem with the Path environment variable is that it can become polluted with non-existent directories, so we will have to check for those.
The case of the filename and extension don't matter, so case-insensitive comparisons need to be made.
static void ShowPath(string progName)
{
var extensions = new List<string> { ".com", ".exe" };
string envPath = Environment.GetEnvironmentVariable("Path");
var dirs = envPath.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
foreach (string d in dirs.Where(f => Directory.Exists(f)))
{
foreach (var f in (Directory.EnumerateFiles(d).
Where(thisFile => extensions.Any(h => Path.GetExtension(thisFile).Equals(h, StringComparison.InvariantCultureIgnoreCase)))))
{
if (Path.GetFileNameWithoutExtension(f).Equals(progName, StringComparison.InvariantCultureIgnoreCase))
{
Console.WriteLine(f);
return;
}
}
}
Console.WriteLine("Not found.");
}
static void Main(string[] args)
{
ShowPath("calc");
Console.ReadLine();
}
Output:
C:\WINDOWS\system32\calc.exe
There is always the possibility that the current user does not have permission to list the files from somewhere in the path, so checks should be added for that. Also, you might want to use StringComparison.CurrentCultureIgnoreCase for the comparison.
You can get the Pathenvironment variable, split it with ; as delimiter and loop over that result. Then, check if the file path + #"\" + name + ".exe" exists.
var findMe = "calc";
var pathes = Environment.GetEnvironmentVariable("Path").Split(';');
foreach (var path in pathes)
{
var testMe = $#"{path}\{findMe}.exe";
if (File.Exists(testMe))
{
Console.WriteLine(testMe);
}
}
This outputs :
C:\WINDOWS\system32\calc.exe
I do not know about any way of doing that exact thing from C# either. However the paths are usually well known and can be retreived via the SpecialFolders Enumeration:
using System;
using System.Diagnostics;
using System.IO;
namespace RunAsAdmin
{
class Program
{
static void Main(string[] args)
{
/*Note: Running a batch file (.bat) or similar script file as admin
Requires starting the interpreter as admin and handing it the file as Parameter
See documentation of Interpreting Programm for details */
//Just getting the Absolute Path for Notepad
string windir = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
string FullPath = Path.Combine(windir, #"system32\notepad.exe");
//The real work part
//This is the programm to run
ProcessStartInfo startInfo = new ProcessStartInfo(FullPath);
//This tells it should run Elevated
startInfo.Verb = "runas";
//And that gives the order
//From here on it should be 100% identical to the Run Dialog (Windows+R), except for the part with the Elevation
System.Diagnostics.Process.Start(startInfo);
}
}
}
I did not just use System (37) back then, as I wrote it when x32/x86 Systems were still a thing. You would need to check how it resolves nowadays.
Note that most of those paths are duplicated in the PATH System Variable, so you could look it up: https://www.architectryan.com/2018/03/17/add-to-the-path-on-windows-10/
Path Variables in turn go back to the old DOS days. Basically if you gave the Commandline a command/filename it would try the build-in commands, then Executables in the current working Directory (.bat, .com, .exe), and then go look over the path directories to again look for executeables. And only if all that failed, would it complain.
I finally tried to combine all three answers and came up with this:
I post it here in case someone has the same problem.
public static string[] GetPathOf(string cmd)
{
var list = new List<string>();
list.AddRange(Environment.GetEnvironmentVariable("path", EnvironmentVariableTarget.Machine).Split(';'));
list.AddRange(Environment.GetEnvironmentVariable("path", EnvironmentVariableTarget.Process).Split(';'));
list.AddRange(Environment.GetEnvironmentVariable("path", EnvironmentVariableTarget.User).Split(';'));
list = list.Distinct().Where(e=>Directory.Exists(e)).SelectMany(e=> new DirectoryInfo(e).GetFiles()).Where(e=>Regex.IsMatch(e.Name,"(?i)^"+cmd+"\\.(?:exe|cmd|com)")).Select(e=>e.FullName).ToList();
return list.ToArray();
}
There are a lot of questions about getting the name and IP addresses of the local machine and several about getting IP addresses of other machines on the LAN (not all answered correctly). This is different.
In windows explorer if I select Network on the side bar I get a view of local machines on my LAN listed by machine name (in a windows workgroup, anyway). How do I get that same information programatically in C#?
You can try using the System.DirectoryServices namespace.
var root = new DirectoryEntry("WinNT:");
foreach (var dom in root.Children) {
foreach (var entry in dom.Children) {
if (entry.Name != "Schema") {
Console.WriteLine(entry.Name);
}
}
}
You need to broadcast an ARP request for all IPs within a given range. Start by defining the base IP on your network and then setting an upper identifier.
I was going to write up some code examples etc but it looks like someone has covered this comprehensively here;
Stackoverflow ARP question
This seems to be what you are after: How get list of local network computers?
In C#: you can use Gong Solutions
Shell Library
(https://sourceforge.net/projects/gong-shell/)
public List<String> ListNetworkComputers()
{
List<String> _ComputerNames = new List<String>();
String _ComputerSchema = "Computer";
System.DirectoryServices.DirectoryEntry _WinNTDirectoryEntries = new System.DirectoryServices.DirectoryEntry("WinNT:");
foreach (System.DirectoryServices.DirectoryEntry _AvailDomains in _WinNTDirectoryEntries.Children)
{
foreach (System.DirectoryServices.DirectoryEntry _PCNameEntry in _AvailDomains.Children)
{
if (_PCNameEntry.SchemaClassName.ToLower().Contains(_ComputerSchema.ToLower()))
{
_ComputerNames.Add(_PCNameEntry.Name);
}
}
}
return _ComputerNames;
}
I'm working on a simple application to delete user profile entries from the registry, but I've ran into an issue.
So first, I'm getting all the subkeys that are in the ProfileList through the following code:
List<string> KeyList = new List<string>();
RegistryKey ProfileList = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\\Microsoft\Windows NT\\CurrentVersion\\ProfileList\\");
foreach (string ProfileKey in ProfileList.GetSubKeyNames())
{
KeyList.Add(ProfileKey);
}
From there, I'm getting the ProfileImagePath value of each of those keys and adding them to a checked list box:
KeyList.ForEach(delegate(string ProfileKey)
{
ProfileList = Registry.LocalMachine.OpenSubKey(#"SOFTWARE\\Microsoft\Windows NT\\CurrentVersion\\ProfileList\\" + ProfileKey + "\\");
checkedListBox1.Items.Add(ProfileList.GetValue("ProfileImagePath").ToString());
});
Then, when the user clicks the delete button, I want the application to delete the user profiles that are checked. However, I would have to get the value of each checked item (which looks something like C:/Users/Name) and determine which registry keys to delete. I assume I can do this in a foreach loop, but I'm not quite sure how.
What is the best way to go around doing this?
Thanks.
Here you go. You could execute this code when the user clicks a button such as "Delete Selected Users". Here is the shell of the code:
string[] CheckItemsArray = new string[checkedListBox1.CheckedItems.Count+1];
checkedListBox1.CheckedItems.CopyTo(CheckItemsArray, 0);
foreach (string CheckedItem in CheckItemsArray)
{
if (CheckedItem != null)
{
//your deleting logic here
}
}
I am having trouble displaying all the registry keys in the startup section for Windows. I want to display all of the registry keys that tell programs to startup in a text box. I have been able to create a directory listing for the HKEY_LOCAL_MACHINE, but I can't manage to narrow it down to the keys listed in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run directory. Here is my code:
TreeNode localMachineNode = new TreeNode(Registry.LocalMachine.Name);
string[] localMachineSubKeys = Registry.LocalMachine.GetSubKeyNames();
foreach (string key in localMachineSubKeys)
{
TreeNode node = new TreeNode(key, 0, 1);
}
If there is a better way to do this, i'd love to hear about it. Mind you, that is only part of my code.
Use OpenSubKey to open a key using a path:
var runs = Registry.LocalMachine.OpenSubKey(
#"Software\Microsoft\Windows\CurrentVersion\Run");
var valueNames = runs.GetValueNames();
var values = new List<object>();
foreach (var valueName in valueNames)
{
values.Add(runs.GetValue(valueName));
}
Is this what you are after?
var keys = Microsoft.Win32.Registry.LocalMachine
.OpenSubKey(#"Software\Microsoft\Windows\CurrentVersion\Run")
.GetSubKeyNames();
I would like to a) programatically and b) remotely find out the last date/time that a user successfully logged into a Windows machine (via remote desktop or at the console). I would be willing to take any typical windows language (C, C#, VB, batch files, JScript, etc...) but any solution would be nice.
Try this:
public static DateTime? GetLastLogin(string domainName,string userName)
{
PrincipalContext c = new PrincipalContext(ContextType.Domain,domainName);
UserPrincipal uc = UserPrincipal.FindByIdentity(c, userName);
return uc.LastLogon;
}
You will need to add references to using using System.DirectoryServices and
System.DirectoryServices.AccountManagement
EDIT: You might be able to get the last login Datetime to a specific machine by doing something like this:
public static DateTime? GetLastLoginToMachine(string machineName, string userName)
{
PrincipalContext c = new PrincipalContext(ContextType.Machine, machineName);
UserPrincipal uc = UserPrincipal.FindByIdentity(c, userName);
return uc.LastLogon;
}
You can use DirectoryServices to do this in C#:
using System.DirectoryServices;
DirectoryEntry dirs = new DirectoryEntry("WinNT://" + Environment.MachineName);
foreach (DirectoryEntry de in dirs.Children)
{
if (de.SchemaClassName == "User")
{
Console.WriteLine(de.Name);
if (de.Properties["lastlogin"].Value != null)
{
Console.WriteLine(de.Properties["lastlogin"].Value.ToString());
}
if (de.Properties["lastlogoff"].Value != null)
{
Console.WriteLine(de.Properties["lastlogoff"].Value.ToString());
}
}
}
After much research, I managed to put together a nice PowerShell script which takes in a computer name and lists out the accounts and the ACTUAL last logon on the specific computer. ... TURNS OUT MICROSOFT NEVER PROGRAMMED THIS FUNCTION CORRECTLY, IT TRIES TO GET LOGON INFORMATION FROM ACTIVE DIRECTORY AND STORE IT LOCALLY, SO YOU HAVE USERS LOG INTO OTHER MACHINES AND IT'LL UPDATE THE LOGIN DATES ON YOUR MACHINE, BUT THEY NEVER LOGGED INTO YOUR MACHINE.... COMPLETE FAILURE!
$REMOTEMACHINE = "LoCaLhOsT"
$NetLogs = Get-WmiObject Win32_NetworkLoginProfile -ComputerName $REMOTEMACHINE
foreach ($NetLog in $NetLogs)
{
if($NetLog.LastLogon)
{
$LastLogon = [Management.ManagementDateTimeConverter]::ToDateTime($NetLog.LastLogon)
if($LastLogon -ne [DateTime]::MinValue)
{
Write-Host $NetLog.Name ' - ' $LastLogon
}
}
}
Note: From what I can gather, the Win32_NetworkLoginProfile is using the "Win32API|Network Management Structures|USER_INFO_3" structure. So the C# equivalent would be to pInvoke [NetUserEnum] with the level specifying the structures returned in the buffer if you wanted to avoid using WMI.
Fun Fact: The DateTime is returned as an Int32 through USER_INFO_3 structure, so when it's the year 2038, the date will no longer be correct once integer overflow occurs.... #UnixMillenniumBug
You could also use CMD:
C:\Windows\System32>query user /server:<yourHostName>
OR (shorter)
C:\Windows\System32>quser /server:<yourHostName>
Output will be something like this:
USERNAME SESSIONNAME ID STATE LOGONTIME
userXYZ console 1 Active 19.01.2017 08:59
I ended up using pInvoke for "RegQueryInfoKey" in C# to retrieve LastWriteTime on the registry key of each profile located under "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
https://stackoverflow.com/a/45176943/7354452